SDN Blog

Ransomware has become the single largest cybersecurity threat facing most businesses, and risks continue to rise.

Other forms of malware remain significant threats, especially to small businesses. But other malware appears to have hit a wall, at least temporarily, in terms of growth, according to national security experts. The exponential growth and the relatively easy money that ransomware provides cyber thieves appears to be major reason.

Ransomware has evolved into a lucrative business model in the criminal world. So much so that its use grew by a multiplier of 167 – not percent, but times – from 2015 to 2016, according to SonicWall’s 2017 Annual Threat Report. SonicWall is a California-based company that sells cybersecurity products and services.

“The meteoric rise of ransomware in 2016 is unlike anything we’ve seen in recent years,” according to the company’s annual threat report. “The SonicWall Global Response Intelligence Defense (GRID) Threat Network detected an increase from 3.2 million ransomware attack attempts in 2014 and 3.8 million in 2015 to an astounding 638 million in 2016.”

SonicWall notes, for example, that the selling of ransomware services is making attacks available to an increasing pool of malware users. The company predicts that email will continue to be an effective distribution vector for ransomware in 2017 “as companies scramble to put more effective, advanced prevention systems and employee training procedures in place.”

The FBI, among other authorities, cite an increase in anonymous networking and secretive payment options as factors in the growing use of ransomware. Cyber thieves no longer have to be experts in technology to attack businesses. They can buy ready-to-use attack products secretly on the Dark Web and pay for them with untraceable currency such as Bitcoin.

Small companies generally are considered more vulnerable to cyberattacks than larger companies because they typically don’t have as large a technical staff or security budget.

The FBI has advice for businesses that deal with the risk of ransomware.

Make sure employees are aware of their critical roles in protecting the organization’s data.

Patch the operating system, software and firmware on digital devices (which may be made easier through a centralized patch management system).

Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.

Manage the use of privileged accounts. No users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.

Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations such as temporary folders.

To help ensure business continuity after an attack, the FBI encourages companies to back up their data regularly and to verify the integrity of the backup system. It should be secured and not connected to the computers and networks they back up.

Security experts at SDN Communications in Sioux Falls stress that in addition to having good, up-to-date security equipment, companies must regularly train all their employees well and keep training content up to date.

Most often, computing networks become infected with malware through human error and careless behavior rather than through mechanical failure, SDN points out.